> On Feb 28, 2016, at 11:31 PM, madx@??? wrote:
> ...
> The first “C.L.P.P.S” password should be one the End-user has memorized. From there they can either open the tails persistent volume or they can open a second C.L.P.P.S Database. From there the password that opens the persistent volume should be in upwards of ten to twenty thousand characters.
If a short password is used to unlock a keychain that contains a longer password,
A) the net security of the system is still constrained by the entropy in the short password, and
B) there is absolutely ZERO benefit to storing a long password in text form that will immediately be hashed down to a binary key for a bulk cipher. Just store the binary key.
Best regards,
. png
